Title

The Update of automatic links setting must be configured to prompt user before allowing links to be updated. (Cat II impact)

Discussion

If an Excel workbook contains links to other documents and users are not prompted to approve them, the contents of the workbook might change without the users' knowledge because the linked files have changed. This has the risk of introducing corrupt or malicious content into the document. Prompting the user to update links will allow the content to be updated only with the user's knowledge.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel options -> Advanced -> "Ask to update automatic links" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\excel\options\binaryoptions Criteria: If the value fupdateext_78_1 is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel options -> Advanced -> "Ask to update automatic links" to "Enabled".

Additional Identifiers

Rule ID: SV-53815r1_rule

Vulnerability ID: V-17732

Group Title: DTOO150 - Automatic Link Updates

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.